SAP ANNOUNCES END OF SUPPORT DATE FOR THE CLASSICAL RFC LIBRARY
On a recent product update call with IBM, we were informed of an important change to TWS4APPS (SAP) which affects all customers. SAP has announced the end of support (EoS) date for Classical RFC Libraries, which are used as the transport connection by TWS4APPS (SAP), as being the 31st March 2016. Of course it won’t just stop working after this date, however if you want your SAP support to continue then an upgrade to the SAP NetWeaver RFC Library will be required before the EoS date.
So what does that mean for TWS4APPS? Well, given that TWS4APPS uses the Classical RFC Library (librfc32) to communicate with SAP, an upgrade to a later release will be required. We are seeking clarification from IBM as to the recommended path to address this change, and will communicate this to you as soon as possible. Additionally, IBM will need to secure certification for TWS4APPS to use the SAP NetWeaver RFC Library, so expect an official announcement from them in the near future.
You can view the official notice from SAP at:
The two versions of the RFC API are characterised by their different functionality:
Classical RFC API (ASCII or Unicode version):
- Support of the classical RFC protocol only
- No dynamic meta data retrieval
- Not free of redundant functions
- The ASCII version supports the SAPGUI protocol
SAP NetWeaver RFC API contains a restructured set of functions and thus offers extended functionality:
- Dynamic meta data retrieval
- Support of all SAP single code pages
- Support of the classical RFC protocol and a new binary protocol (basXML) that allows a considerable reduction of data volume when using complex parameter types
- No redundant functions
- Supports SAPGUI protocol and start of SAPGUI
- Does not support communication between two external systems
SAP recommend the use of the NetWeaver RFC API over the Classical RFC API due to its functional and performance enhancements, which is why they have announced this EoS date. We recommend you start planning now. For further information and questions please contact Probal Sil at Elyzium.
SHELLSHOCK – WHAT TWS USERS NEED TO KNOW
Shellshock, also known as Bashdoor, is a family of security bugs in the widely used Unix Bash shell. Many Internet daemons, such as web servers, use Bash to process certain commands, allowing an attacker to cause vulnerable versions of Bash to execute arbitrary commands and gain unauthorised access to systems.
The bugs have been assigned CVE identifiers identifiers CVE-2014-6271 & CVE-2014-7169, and whilst TWS isn’t vulnerable to them as shipped out-of-the-box, IBM still highly recommends that you perform an urgent upgrade of Bash to account for the scenarios where TWS is using it.
Please read the IBM Security Bulletin for further information, and if you have any questions or concerns we’d be happy to advise.